QuickTime Developer Series

Sample Chapter

| Next | Prev | Top |

Copy-Protecting Movies

There are several things you can do to give your movies a degree of copy protection--nothing that would stop the federal government (or a determined teenager with unlimited time and equipment), but enough to keep honest people honest, and average copiers baffled:

  •   You can set a movie characteristic that prevents the movie from being edited or saved by any QuickTime application.
  •   You can conceal a movie's URL by embedding it inside a poster movie or inside a decoy movie.
  •   You can prevent a movie from appearing in the browser's cache folder.
  •   You can deliver your movies as real-time streams.
  •   You can encrypt the media.
  •   You can combine these methods in various ways.

    • Note  Here's a word to the wise. There's a lot of interest in securing movies and, yes, there are a lot of useful tricks, but, no, there is no 100% foolproof method--someone can always point a movie camera at the screen or capture the packets as they stream across the network. So far, no encryption scheme has proven to be unbreakable.

  •   Disallow Saving

Clicking the "Disallow saving from plugin" checkbox in Plug-in Helper is similar to setting KIOSKMODE="True" in the <EMBED> tag, but it's more secure, and it goes further.

The QuickTime plug-in won't save a movie if the "Disallow saving from plugin" checkbox is set with Plug-in Helper, no matter what the KIOSKMODE setting is. In fact, all QuickTime applications, including QuickTime Player and Plug-in Helper, recognize the disallow saving setting and will not copy or save the movie once this attribute is set.

Of course, if people get copies of your protected movie from the browser cache, or by accessing your server directly, they can duplicate them using their file systems. But these copies also have the disallow saving attribute. People still can't cut, change, or edit your movies.

    Important  Make a backup copy of your movie before you turn copy protection on using Plug-in Helper. You cannot edit and save the movie afterward.

  •   Conceal the URL with a Poster Movie

You can get additional protection by using Plug-in Helper to conceal a movie's URL from viewers. Your HTML source can be simply

<EMBED SRC="Poster.mov" HEIGHT=176 WIDTH=120>

The poster movie links to the real movie with an HREF parameter set by Plug-in Helper. The real movie's URL doesn't appear in your HTML.

If the poster movie is also copy-protected, it's difficult for people to find out the name or location of your real movie. Again, it won't stop a determined thief, but it puts a barbed wire fence behind the "No Trespassing" sign. The following illustration shows how to use Plug-in Helper to embed a URL in a copy-protected poster movie.

 
  1. Open the poster movie in Plug-in Helper. Click the "Disallow saving from plugin" checkbox. This copy-protects the poster, so it can't be opened and examined.
  2. Click the Add button and enter CONTROLLER="False" .
  3. Click Add again and enter TARGET="myself" . This causes any HREF to replace the poster, not the whole HTML frame or browser window.
  4. Click inside the Movie URL text box and enter the URL of your actual movie.
  5. Export (you will have to choose a new name or location).
  6. Embed the poster movie in your Web page.

When the viewer clicks the poster movie, it is replaced by the actual movie because Movie URL is set to Actual.mov and the Plug-in Settings include TARGET="myself" .

If you enter a relative URL, it must be relative to the poster movie , not relative to the HTML page that holds the poster movie.

Of course, you can use Plug-in Helper to copy-protect the actual movie as well. The actual movie should have a controller by default, but you can add CONTROLLER="True" to the actual movie, also using Plug-in Helper, just to be sure (for a VR movie, you must set CONTROLLER="True" if you want one).

  •   Conceal the URL with a Decoy Movie

You can use Plug-in Helper to automatically link one movie to another using the QTNEXT parameter. Putting the QTNEXT parameter inside the first movie, instead of putting it in the <EMBED> tag, conceals the URL of the second movie without requiring the user to click a poster.

  1. Instead of a poster movie, create a very short movie, such as a single black frame with a duration of 1/10 second. Let's call this a decoy movie.
  2. Use Plug-in Helper to copy-protect the decoy movie, set AUTOPLAY= "True" , and set QTNEXT1 to the actual movie with T<myself> , as shown in the following illustration.

    3.  

  3. Export.
  4. Open your actual movie in Plug-in Helper and set CONTROLLER= "True" , or AUTOPLAY="True" , or both. This is necessary when linking using QTNEXT , because QTNEXT does not reset the controller the way HREF does. Check the "Disallow saving from plugin" box. Export.

    Tip  As an alternative to using QTNEXT in the decoy movie, you can use HREF combined with AUTOHREF . Then you don't need to mess with the actual movie. Just substitute

HREF="Actual.mov"
TARGET="myself"
AUTOHREF="True"

for

QTNEXT1="<Actual.mov> T<myself>"

If you use QTNEXT , the decoy movie plays completely before the next movie loads. If you use HREF and AUTOHREF , the next movie loads immediately. The AUTOHREF parameter requires QuickTime 4.1 or later.

  •   Keep the Movie Out of the Cache

A moderately sophisticated user can often extract a copy of a movie from the browser's cache (you just have to know where and when to look). You can prevent a movie from ever being loaded in the browser's cache by using a decoy movie, the QTSRC parameter, and QTSRCDONTUSEBROWSER . Here's how it works.

Whatever the SRC parameter points to is downloaded by the browser and stored in the cache. Make that your decoy movie by setting SRC="Decoy.mov" . QuickTime ignores the SRC file if the QTSRC parameter is present, and instead plays the movie indicated by QTSRC . Have QTSRC point to your actual movie.

If you also set QTSRCDONTUSEBROWSER , QuickTime will get the actual movie without going through the browser, and the movie will not be copied into the browser's cache. The embed tag looks like this:

<EMBED SRC="Decoy.mov" HEIGHT="256" WIDTH="320"
QTSRC="Actual.mov" QTSRCDONTUSEBROWSER >

    Tip  Keep your decoy movie small. It does download, even though QuickTime doesn't use it.

  •   Use Real-Time Streams

People have a hard time copying your movie file if you never send it to them. With real-time streams, you don't send the actual file--just streams of media. QuickTime never keeps more than a few seconds of those streams in its buffers. It displays the media and immediately discards it.

Only very sophisticated users, equipped with packet-sniffing technology, are able to intercept and copy these data streams. It takes additional sophistication to reconstruct a movie from them. For well over 99.9% of the population, it's simply impossible.

The trade-off is that it takes a bit of extra effort for you to deliver QuickTime movies as real-time streams. It isn't difficult, mind you, but there are a couple of extra steps.

Also, by their nature real-time streams can deliver only as high quality an experience as the viewer's bandwidth permits. People on slow or unreliable connections can still receive the highest possible quality by download--they just have to wait longer. But they can't view high-bandwidth streaming content at all, and may find the quality of low-bandwidth material unacceptable.

Of course, streaming also has advantages that balance these drawbacks, such as the ability to jump to any point in a movie without downloading the intervening material.

For this and other reasons, streaming is the most common approach to copy protection.

For more information, see What about Streaming? and Gently down the Stream

  •   Encrypt the Media

The traditional approach to copy protection is encryption. This is moderately effective for copy-protecting physical media, such as DVDs, and can be very effective at keeping any kind of data from being intercepted and copied by people who don't have the encryption key.

The problem is, you generally have to supply the encryption key to the viewer. If the viewer wants to make copies, you can't usually prevent it except by legal action.

QuickTime has built-in support for encryption using media keys--only viewers who have the key can view the media. It's very similar to the way you unlock QuickTime Pro's editing features. Currently, only Sorenson video has implemented media key protection as an option for their codecs.

Other vendors have announced near-term plans to market encryption modules for QuickTime movies that conceal the key from the viewer. These modules should provide moderate to strong protection for any QuickTime media. None are shipping as of this writing, but that could very well have changed by the time you read this. Check the websites listed in the Resources.htm file on the CD for announcements.

  •   Jujitsu

Sometimes the best answer is jujitsu; instead of fighting the force, redirect it to your benefit. Add your logo to the movie and include a live link back to your website. QuickTime makes it simple to do both.

Go further--add a media skin, so the movie plays in your own branded player, replete with your logo and a click-through to your website.

Every copy of the movie becomes free advertising for your company or your product.

Why copy-protect a rock video when every copy is a clickable link to buy the CD it's promoting? It's better than air play--the viewer is never more than one mouse click away from the cash register.

People love to copy things. Use viral marketing to make this force of nature your friend. QuickTime makes it easy to brand your movies and link them to your website.

Okay, enough about copy protection. Let's look at some other things you can do with QuickTime and HTML.
| Next | Prev | Top |
Copyright 2002 by Academic Press


Home | Updates | Corrections | FAQ | Table of Contents | Sample Chapter